Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Further harden against polluted properties #1285

Merged
merged 11 commits into from Nov 19, 2023
Merged

Further harden against polluted properties #1285

merged 11 commits into from Nov 19, 2023

Conversation

ericcornelissen
Copy link
Owner

@ericcornelissen ericcornelissen commented Nov 7, 2023
edited

Relates to #1280

Summary

Update the internals of the project to protect against the potential of polluted properties based on manual evaluation of the source code. Re-use the hasOwn function from options.js (moved to reflection.js) to achieve this.

  • executables.js: Explicitly check that PATH (or Path) isn't being inherited. This is the most obvious place where this is necessary as the code already accounts for the potential of PATH being undefined.
  • platforms.js: Safely get OSTYPE in case it isn't defined in order to avoid wrongly concluding the current system is a Windows system as a result of a polluted OSTYPE value.
  • win.js: Safely get ComSpec in case it isn't defined (already taken into account as well) to avoid using a default shell defined by a polluted property.

As before, because this is standard Node.js behavior I consider this a hardening measure, not a security bugfix.

@ericcornelissen
Protect against polluted properties internally
3b9251b 
Update the internals of the project to protect against the potential of
polluted properties based on manual evaluation of the source code. Re-
use the `hasOwn` function from `options.js` (moved to `reflection.js`)
to achieve this.

- `executables.js`: Explicitly check that `PATH` (or `Path`) isn't being
  inherited. This is the most obvious place where this is necessary as
  the code already accounts for the potential of `PATH` being undefined.
- `platforms.js`: Safely get `OSTYPE` in case it isn't defined in order
  to avoid wrongly concluding the current system is a Windows system as
  a result of a polluted `OSTYPE` value.
- `win.js`: Safely get `ComSpec` in case it isn't defined (already taken
  into account as well) to avoid using a default shell defined by a
  polluted property.
@codecov Codecov
Copy link

codecov bot commented Nov 7, 2023
edited

Codecov Report

Merging #1285 (781c6b2) into main (a761fed) will not change coverage.
The diff coverage is 100.00%.

Additional details and impacted files 
@@            Coverage Diff            @@
##              main     #1285   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           16        16           
  Lines         1482      1492   +10     
=========================================
+ Hits          1482      1492   +10
Flag Coverage Δ
e2e-MacOS 91.01% <96.15%> (-0.02%) ⬇️
e2e-Ubuntu 91.01% <96.15%> (-0.02%) ⬇️
e2e-Windows 90.26% <96.55%> (-0.01%) ⬇️
integration-MacOS 99.53% <96.15%> (-0.09%) ⬇️
integration-Ubuntu 99.07% <96.15%> (-0.09%) ⬇️
integration-Windows 98.81% <100.00%> (+0.01%) ⬆️
unit 100.00% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Coverage Δ
src/executables.js 100.00% <100.00%> (ø)
src/options.js 100.00% <100.00%> (ø)
src/platforms.js 100.00% <100.00%> (ø)
src/reflection.js 100.00% <100.00%> (ø)
src/win.js 100.00% <100.00%> (ø)

@ericcornelissen
Update unit test suite for executables.js
e553a73 
- Test that when `PATH` and `Path` are missing, no path is given to
  `which`.
- Test that a polluted `PATH` value is not used.
- Test that a polluted `Path` value is not used.
- Simplify existing tests that unnecessarily require `PATH` and `Path`
  to be present on the path.
@ericcornelissen
Merge branch 'main' into non-own-property-access
d33f60b
@github-actions github-actions bot added the test Relates to testing label Nov 8, 2023
@ericcornelissen
Update the changelog
0dcbb51
@ericcornelissen
Update unit test suite for win.js
7ec2e34 
Test that a polluted `ComSpec` value is not used.

Also, improve upon [1] by
- Not requiring non-empty PATH strings
- Improving test titles for newly added tests
for the `executables.js` test suite.

--
1. e553a73
@ericcornelissen
Test hasOwn, test polluted OSTYPE property for platforms
ee9bdbc
@ericcornelissen
Add preconditions to polluted value tests
6788559 
Otherwise they may fail. No matter how unlikely, we don't want these
tests to be flaky in practice.

I've opted to use `fc` within an AVA `test` over `testProp` because
`fc.pre()` does not seem to work with `testProp` (test fails if check
fails, instead of skipping it) and I think using `fc.pre()` is more
expressive than filtering the arbitrary (though it has the same result
and does work with `testProp`).
@ericcornelissen
Improve polluted tests
778e313 
- Correct OSTYPE pollution test, arbitrary values were ordered incorrect
- Improve ComSpec pollution test, include when ComSpec is defined
- Cover scenario where a value is both defined and polluted by
@ericcornelissen ericcornelissen marked this pull request as ready for review November 12, 2023 11:24
@ericcornelissen ericcornelissen merged commit f9141fb into main Nov 19, 2023
33 checks passed
@ericcornelissen ericcornelissen deleted the non-own-property-access branch November 19, 2023 13:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
test Relates to testing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@ericcornelissen